Authentication Spoofing

Once the adversary sees a single challenge/response pair for a given key k, he can extract v and RC4(v,k).

Now he tries to connect to the network himself:

- The base station sends a challenge string M' to the adversary.
- The adversary replies with v, XOR RC4(v,k)
- This is in fact the correct response, so the base station accepts the adversary.

The adversary has succeeded, even though he never learned the value of k.
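The exchange above as an offline simulation, added here as an illustration and not taken from the original slides: it shows why the base station's check cannot tell a key holder from someone replaying RC4(v,k). Assumptions: RC4(v,k) is modelled as RC4 keyed with v followed by k, v is 3 bytes, the key and challenges are constructed random values, and the response is just the challenge XORed with the keystream.

```python
import os

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for key."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def respond(k: bytes, challenge: bytes):
    """Legitimate station: choose v, encrypt the challenge under RC4(v,k)."""
    v = os.urandom(3)
    return v, xor(challenge, rc4(v + k, len(challenge)))

def base_station_accepts(k: bytes, challenge: bytes, v: bytes, body: bytes) -> bool:
    """Base station check: decrypt with whatever v the responder supplied."""
    return len(body) == len(challenge) and xor(body, rc4(v + k, len(body))) == challenge

def recover_keystream(challenge: bytes, body: bytes) -> bytes:
    """One observed pair yields RC4(v,k) = challenge XOR response body."""
    return xor(challenge, body)

def demo():
    k = os.urandom(5)                          # constructed key, never shown to the observer
    M = os.urandom(128)                        # first challenge (constructed)
    v, body = respond(k, M)
    assert base_station_accepts(k, M, v, body)
    ks = recover_keystream(M, body)            # uses only M, v and body
    M2 = os.urandom(128)                       # fresh challenge M' (constructed)
    accepted = base_station_accepts(k, M2, v, xor(M2, ks))
    return ks == rc4(v + k, 128), accepted

if __name__ == "__main__":
    print(demo())
```

The root cause visible in `base_station_accepts` is that the responder chooses v, so a fresh challenge M' does not force a fresh keystream.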